
Synchronized Security and Security Heartbeat: Elevating Cyber Defenses, Automatically

The original and best cybersecurity system now includes Sophos Workspace Protection.
Chris McCormack

Sophos introduced Synchronized Security in 2015 with the ability for Sophos Firewall and Sophos Endpoint to share information and work together to automatically respond to threats. This pioneering approach, which transformed cybersecurity from a collection of point products to a security ecosystem, has been successfully reducing cyber risk and elevating security outcomes in the face of real-world threats for over a decade.

We’ve steadily expanded and evolved Synchronized Security since that initial launch, including interconnecting a broad range of products and services, extending response actions, and synchronizing our threat intelligence. Today, Sophos Workspace Protection becomes the latest addition to the Synchronized Security portfolio.

Security Heartbeat

Three key capabilities combine to enable Sophos solutions to work together:

  • Security Heartbeat™ is a constantly beating device health status indicator that shows Red, Amber, or Green to reflect the device’s real-time state.
  • The Sophos Central platform, which enables Sophos solutions to share threat, health, and security information in real-time, including Security Heartbeat status.
  • Sophos solutions are engineered to automatically take actions based on a device’s Security Heartbeat status.  

By enabling Sophos solutions to work together, Synchronized Security and the Security Heartbeat capability reduce response time from minutes or hours to just seconds. They also extend the powerful risk reduction capabilities provided by individual Sophos solutions with an additional defense layer only available when security solutions work together.

And it’s free. Synchronized Security is included and enabled automatically at no extra charge for all Sophos customers.

Enabling a coordinated, automated response to threats

Step 1: Detect. If Sophos Endpoint detects a threat on a user’s device, it automatically changes the device’s Security Heartbeat status to Red and shares the new health status with the wider ecosystem.  

Step 2: Isolate. Sophos Firewall and Sophos ZTNA immediately limit the Red status device’s access to network resources and applications, preventing data loss. Sophos Firewall can also block traffic from the compromised device to all healthy (Green status) endpoints on the network – including those on the same switch – eliminating the possibility of lateral movement even within the same LAN segment.  

Step 3: Restore. Once the affected device is cleaned up, Sophos Endpoint automatically changes the Security Heartbeat status to Green, which instantly triggers Sophos Firewall and Sophos ZTNA to re-enable access.

What about middle-of-the-night attacks?  

Synchronized Security is a powerful tool at any time of the day or night, but is particularly helpful outside standard working hours, when in-house resource availability is often reduced. With 88% of ransomware incidents starting during evenings, nights, and weekends, it’s also prime time for adversaries to launch an attack.  

So, what happens if an attacker hacks into one of your servers late on a Friday? In a non-Sophos-protected environment, the adversary will have full access to the network over the entire weekend – giving them ample time to exfiltrate data, install backdoors, and deploy ransomware.

But in a Sophos-protected organization, any malicious activity detected on the server by Sophos Endpoint automatically triggers a Red Security Heartbeat health status, causing Sophos Firewall to effectively cut off the server from the rest of the network until it can be cleaned up – without anyone having to do anything.  

Once the compromised server has been cleaned up, Sophos Endpoint will return its Security Heartbeat to Green, and full system access and connectivity will be restored automatically.  

More than threat response

In addition to automatically responding to threats, Synchronized Security can share application information between Sophos Endpoint and Sophos Firewall. This enables Sophos Firewall to route, prioritize, or block application traffic it might not otherwise be able to identify.  

For example, if you have a custom application that needs prioritization, most firewalls won’t recognize it and will leave it at the mercy of all the other traffic on your network. With Sophos Firewall and Sophos Endpoint working together, traffic from your custom app can be easily identified and prioritized.

Sophos Endpoint can also share authenticated user information with Sophos Firewall to simplify user-based policy enforcement.

And it doesn’t stop there. For example, if a compromised device starts sending spam or phishing emails, it will trigger a Red health status, causing Sophos Email to automatically block messages before they reach users.

Another great example of Synchronized Security in action is Active Threat Response, which extends Synchronized Security to security operations teams. With Active Threat Response, an analyst working for Sophos as part of our MDR service, or your own analysts working with Sophos XDR, can trigger a Synchronized Security response using the new threat feed capability built into Sophos Firewall. Synchronized Security then acts on this information to identify any compromised host on the network and isolate it automatically until it can be cleaned up. Active Threat Response is also available for Sophos switches and AP6 access points.

The latest addition: Sophos Workspace Protection

Sophos Workspace Protection is an integrated bundle of security solutions that protects apps, data, workers, and guests easily and affordably – wherever they are. It includes Sophos ZTNA, which now supports Security Heartbeat, enabling you to automatically prevent compromised devices from connecting to important networked applications and data. This unique, automated threat response capability greatly limits the ability of a compromised device belonging to a remote worker to become an entry point for an attacker to the broader network.

Synchronized Security and Security Heartbeat are key reasons why Sophos ZTNA is a critically important security solution for remote access. Traditional VPN solutions have no way of knowing if a device has been breached and will allow any compromised device full access to the network. Sophos ZTNA, on the other hand, not only enforces multi-factor authentication to prevent breaches from compromised credentials, it also includes Synchronized Security to prevent devices from connecting when in a compromised state.

How to get Synchronized Security

Security Heartbeat is automatically included with Sophos Firewall, Sophos Endpoint, Sophos Email, Sophos Mobile, and now Sophos Workspace Protection. No extra products or solutions are required, and there are no additional subscriptions to purchase.

Sophos Central takes care of all the data sharing. You simply need to set up the Security Heartbeat conditions in your policies to take advantage of it. It’s that easy. It’s one of the reasons many customers choose Sophos for their cybersecurity – you won’t find this anywhere else.
